From: Ravi Teja P Date: Mon, 29 Jun 2020 17:39:29 +0000 (+0530) Subject: [CVE-2020-14422] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interfa... X-Git-Tag: submit/tizen_6.0_base/20210521.062029~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c8913a90e49db34aa31ee5e96a662b6d7d993eaa;p=platform%2Fupstream%2Fpython3.git [CVE-2020-14422] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation Change-Id: Iedba34943247152526befe55ee13a297df2da216 Signed-off-by: DongHun Kwak --- diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py index cc9ae711..4193e32c 100644 --- a/Lib/ipaddress.py +++ b/Lib/ipaddress.py @@ -1435,7 +1435,7 @@ class IPv4Interface(IPv4Address): return False def __hash__(self): - return self._ip ^ self._prefixlen ^ int(self.network.network_address) + return hash((self._ip, self._prefixlen, int(self.network.network_address))) __reduce__ = _IPAddressBase.__reduce__ @@ -2109,7 +2109,7 @@ class IPv6Interface(IPv6Address): return False def __hash__(self): - return self._ip ^ self._prefixlen ^ int(self.network.network_address) + return hash((self._ip, self._prefixlen, int(self.network.network_address))) __reduce__ = _IPAddressBase.__reduce__